[Colloquium] Computer Science Seminar - Friday, March 14, 2014

Sandra Wallace swallace at cs.uchicago.edu
Tue Mar 11 08:41:43 CDT 2014 

Ravi Chugh
University of California, San Diego

Date: 	Friday, March 14, 2014

Time:	2:30 PM

Place:	Ryerson 251
 
Title:	  	“Modern Type Systems for Dynamic Languages"
 

Abstract:
Many modern systems, both for the web and for the desktop, are developed largely in so-called "dynamic" or "scripting" languages like JavaScript, Ruby, and Python. In addition to being untyped, these languages sport several features --- run-time type tests, lightweight dictionary objects, and dynamic code loading --- that make it easy to rapidly prototype and to glue together applications from disparate components. As applications grow large, however, the lack of static typing makes it difficult to achieve reliability and maintainability. Moreover, third-party code like plug-ins, ads, and browser extensions are routinely downloaded and run on client machines, and the flexibility of scripting languages makes it hard to ensure security.  Ideally, programming languages would provide compile-time enforcement of security-related properties, to augment and complement run-time systems security techniques.

In the first part of this talk, I will present Dependent JavaScript (DJS), a statically typed dialect that facilitates precise reasoning about JavaScript and other popular dynamic languages. I will describe the major obstacles that have stymied prior attempts at static reasoning for JavaScript, and I'll outline how DJS overcomes them using several key innovations based on refinement types and SMT (Satisfiability Modulo Theories) solvers.

In the second part of the talk, I will show how the techniques in DJS lay a foundation for verifying security properties of third-party code. After describing preliminary experiments that use DJS to author secure JavaScript browser extensions, I will identify several future directions of work that will lead to a platform for fine-grained language-based security.

Bio:
Ravi Chugh is a Postdoctoral Scholar in the Computer Science department at UC San Diego, where he recently finished his Ph.D. Ravi also holds master's and bachelor's degrees from the University of Pennsylvania. Ravi's research interests include developing programming language techniques (such as type systems, dataflow analyses, and run-time instrumentation) to improve software reliability.


Host:  John Reppy
 

*Refreshments will be served after the talk at 3:30 pm in Ryerson 255*



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.uchicago.edu/pipermail/colloquium/attachments/20140311/a4d4fdda/attachment.htm

More information about the Colloquium mailing list